Qubes OS 3.2 was released as an incremental upgrade over Qubes OS 3.1. The new version focuses on polish and stability, as well as on improving the user experience.
Qubes OS is a security-oriented operating that aims to protect users through “compartmentalization.” The idea is to keep activities that aren’t related to each other, such as personal, work, and banking activities, in isolated virtual machines. You simply start a VM for work and one for banking, ensuring that the malware you may be getting while working doesn’t affect your banking accounts (for example).
The OS allows even more fine-grained control, though. You could for instance start a “disposable VM” that opens a single risky application, and then everything will be wiped when you close its VM.
New Management Functionality
One of the biggest features the new release received is the ability to manage not just the VMs themselves, but the insides of those VMs, as well. That means that you can customize your “Work” VM, for instance, to have certain configurations by default when you do the Qubes OS initial setup.
Allowing the management engine to integrate more deeply into the VMs would normally mean that the VMs would be more exposed to attacks. However, the Qubes OS team believes that it found an “elegant” solution for this, which it implemented in Qubes OS 3.2.
For version 4.x, the team plans to further increase the level of customization to include the following features:
Pre-configured apps optimized to take advantage of Qubes’ compartmentalization, such as Thunderbird with Qubes Split GPGUI and system-wide customizations for specific use casesCorporate remote management and integration
Qubes OS 3.2 also comes with a feature called USB passthrough, which allows users to assign individual USB devices such as webcams and Bitcoin hardware wallets to AppVMs. That means now users can do Skype conferences or use other applications that previously required USB access.
Qubes OS has been sandboxing USB devices since it was created, but due to hardware limitations for virtualization technologies, all USB devices connected to a USB controller had to be assigned the same VM, whereas now they can be assigned different VMs. The Qubes team solved this through a software work-around, with the downside that the USB sandboxing is now slightly more exposed to attacks.
The team also noted that if the USB drive is malicious, the VM to which it is assigned is still vulnerable to attacks. This is a problem with all operating systems, but unlike the rest, Qubes OS sandboxes the USB drive from infecting the other system components outside of the assigned VM.
The Qubes OS team recommended that users always be mindful of what USB drives they plug into their computers.
From KDE To Xfce
Qubes OS 3.2 also switched from KDE to Xfce4 as the default desktop environment. The core developers have been complaining about the bloat and instability in KDE and plan to switch to Gnome in the future, but as a stopgap, they’ve chosen Xfce.
Qubes OS 3.1 users can choose to upgrade to 3.2, but a clean installation is preferable, according to the Qubes OS team. Those on Qubes OS 3.2 release candidates can upgrade normally to the stable release.
Edward Snowden, the NSA whistleblower, hasn’t shied away from telling people what his most trusted security tools are. Qubes OS has been one of them for sometime, and he’s now once again recommending people who are serious about security to give it a try.